22个误报样本

IllusionWing

报的越少越好..卡吧=2个
UG不幸的10个...
每个文件都run过

小邪邪

升级后的mcafee8.7企业版beta2-5000扩展库居然也达到了7个





比8.5i正式版的标准库是成倍增加

[ 本帖最后由 小邪邪 于 2008-6-19 14:11 编辑 ]

SIGKILL

Begin scan in 'C:\Documents and Settings\Administrator\桌面\fp'
C:\Documents and Settings\Administrator\桌面\fp\
C:\Documents and Settings\Administrator\桌面\fp\FP1.bin
      [DETECTION] Is the Trojan horse TR/PSW.QQRob.WO
      [NOTE]      A backup was created as '488af3a0.qua'  ( QUARANTINE )
      [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\fp\FP11.bin
      [DETECTION] Contains suspicious code HEUR/Malware
      [NOTE]      The fund was classified as suspicious.
      [NOTE]      A backup was created as '488af3a1.qua'  ( QUARANTINE )
C:\Documents and Settings\Administrator\桌面\fp\FP12.bin
      [DETECTION] Contains suspicious code HEUR/Malware
      [NOTE]      The fund was classified as suspicious.
      [NOTE]      A backup was created as '488af3a2.qua'  ( QUARANTINE )
C:\Documents and Settings\Administrator\桌面\fp\FP17.bin
      [DETECTION] Contains detection pattern of the dropper DR/RKit.Agent.N
      [NOTE]      A backup was created as '488af3a3.qua'  ( QUARANTINE )
      [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\fp\FP19.bin
      [DETECTION] Contains detection pattern of the Windows virus W95/Blumblebee.1738
      [NOTE]      A backup was created as '49253964.qua'  ( QUARANTINE )
      [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\fp\FP21.bin
      [DETECTION] Contains detection pattern of the worm WORM/Autorun.dtp.1
      [NOTE]      A backup was created as '488bf3a4.qua'  ( QUARANTINE )
      [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\fp\FP3.bin
      [DETECTION] Is the Trojan horse TR/Drop.VB.anl
      [NOTE]      A backup was created as '488cf3a5.qua'  ( QUARANTINE )
      [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\fp\FP18.bin
      [DETECTION] Contains detection pattern of the SPR/VB.DF.8 program
      [NOTE]      A backup was created as '488af3a6.qua'  ( QUARANTINE )
      [NOTE]      The file was deleted!

ssy275

SOPHOS4个，蜘蛛5个

[ 本帖最后由 ssy275 于 2008-6-19 14:00 编辑 ]

aaad2008

avast!杀8

fankj660

mcafee8.5  three

[ 本帖最后由 fankj660 于 2008-6-19 14:03 编辑 ]

aerbeisi

FalsePostive\FP10.bin - probably a variant of Win32/Agent 木马
FalsePostive\FP13.bin - Win32/PSW.QQPass.NAW 木马
FalsePostive\FP21.bin - Win32/AutoRun.DTP 蠕虫
FalsePostive\FP22.bin - Win32/Hupigon 木马

冷冷

IKARUS



I:\样本\FalsePostive[1]\FP1.bin - Suspect code-parts found (Level: 40)
I:\样本\FalsePostive[1]\FP10.bin - Signature 'Trojan-PWS.Win32.Delf.su' found
I:\样本\FalsePostive[1]\FP11.bin
I:\样本\FalsePostive[1]\FP12.bin - Signature 'AdWare.CnsMin.J' found
I:\样本\FalsePostive[1]\FP13.bin - Signature 'Trojan-PWS.Qqpass.IW' found
I:\样本\FalsePostive[1]\FP14.bin
I:\样本\FalsePostive[1]\FP15.bin
I:\样本\FalsePostive[1]\FP16.bin
I:\样本\FalsePostive[1]\FP17.bin - Signature 'Downloader.RKit.Agent.N' found
I:\样本\FalsePostive[1]\FP18.bin - Signature 'Packed.Win32.Klone.af' found
I:\样本\FalsePostive[1]\FP19.bin - Signature 'Virus.Win32.CTX' found
I:\样本\FalsePostive[1]\FP2.bin
I:\样本\FalsePostive[1]\FP20.bin
I:\样本\FalsePostive[1]\FP21.bin - Signature 'Trojan.Win32.Agent.ala' found
I:\样本\FalsePostive[1]\FP22.bin
I:\样本\FalsePostive[1]\FP3.bin - Signature 'Trojan-Dropper.Win32.VB.anl' found
I:\样本\FalsePostive[1]\FP4.bin - Signature 'Trojan-Downloader.Win32.Delf.awm' found
I:\样本\FalsePostive[1]\FP5.bin - Signature 'Backdoor.Pigeon.1604' found
I:\样本\FalsePostive[1]\FP6.bin - Signature 'Virus.Win32.Agent.TNN' found
I:\样本\FalsePostive[1]\FP7.bin
I:\样本\FalsePostive[1]\FP8.bin - Signature 'Trojan-Spy.Win32.Banker.byl' found
I:\样本\FalsePostive[1]\FP9.bin
22 Files scanned
   (0 Archives with 0 files)
12 Signatures found
1 Suspect code-part found
Used time: 0:05.391

aerbeisi

Artemis的白名单还需要完善。

sbbdms

Kaspersky false alarmed two

TO KL

[ 本帖最后由 sbbdms 于 2008-6-19 16:10 编辑 ]